CVE-2007-4033
Published: 2007-07-27
Priority: P349 (high) · CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT · EPSS: 18.66% (96.9th percentile)
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php | php | — | — |
| t1lib | t1lib | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |
GHSA
GHSA-5vjf-7425-428p: Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env
ghsa_unreviewed · 2022-05-01 · HIGH · CWE-119
Ubuntu
t1lib vulnerability
vendor_ubuntu · 2007-09-19
It was discovered that t1lib does not properly perform bounds checking, which can result in a buffer overflow vulnerability. An attacker could send specially crafted input to applications linked against t1lib which could result in a DoS or arbitrary code execution.
Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Red Hat
t1lib font filename string overflow
vendor_redhat · 2007-07-26 · CVSS 7.5 · HIGH
Statement: Not vulnerable. Versions of PHP packages as shipped with current Red Hat products are not linked with t1lib.
No detection rules found.
Exploit-DB
T1lib - 'intT1_Env_GetCompletePath' Buffer Overflow (PoC)
exploitdb · 2007-07-26
source: https://www.securityfocus.com/bid/25079/info
T1lib is prone to a buffer-overflow vulnerability because the library fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.
An attacker can exploit this issue to execute arbitrary machine code in the context of applications that use the affected library. Failed exploit attempts will likely trigger crashes, denying service to legitimate users.
We do not know which versions of T1lib are affected.
Exploit-DB
PHP 5.2.3 - 'PHP_gd2.dll' imagepsloadfont Local Buffer Overflow (PoC)
exploitdb · 2007-07-26
# milw0rm.com [2007-07-26]
Bugzilla
CVE-2007-4033 t1lib font filename string overflow
bugzilla · 2007-10-25 · CVSS 7.5 · HIGH
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4033 to the following vulnerability:
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
References:
http://www.securityfocus.com/archive/1/archive/1/480239/100/100/threaded
http://www.securityfocus.com/archive/1/archive/1/480244/100/100/threaded
http://www.bugtraq.ir/adv/t1lib.txt
http://www.milw0rm.com/exploits/4227
https://bugzilla.redhat.com/show_bug.cgi?id=303021
http://bugs.gentoo.org/show_bug.cgi
Bugzilla
CVE-2007-4033 Buffer overflow in t1lib triggerable by long filename string
bugzilla · 2007-09-24 · CVSS 7.5 · HIGH
Description of problem:
Please see [1] and [2] for more information, [3] contains the patch.
[1] http://www.bugtraq.ir/adv/t1lib.txt
[2] http://secunia.com/advisories/26241/
[3] http://bugs.gentoo.org/show_bug.cgi?id=193437
Additional info:
This is most likely not exploitable on Fedora, due to FORTIFY_SOURCE protection, as the overflow is in a strcat() call, which is protected.
According to the Gentoo bug, the CVE identifier for this was requested.
Discussion:
CVE name is CVE-2007-4033, which was originally described as a php_gd2 vulnerability. Description on CVE site is already updated.
---
I read it here as well: http://lwn.net/Articles/250737/
I am applying the fix and rebuilding for FC-6, F-7 and F-8.